Q.No.1 Which of the following is MOST important for an organization that wants to reduce IT
operational risk?
A. Increasing senior management's understanding of IT operations
B. Increasing the frequency of data backups
C. Minimizing complexity of IT infrastructure
D. Decentralizing IT infrastructure
Q.No.2 Deviation from a mitigation action plan's completion date should be determined by
which of the following?
A. Benchmarking analysis with similar completed projects
B. Change management as determined by a change control board
C. The risk owner as determined by risk management processes
D. Project governance criteria as determined by the project office
Q.No.3 A business unit has decided to accept the risk of implementing an off-the-shelf,
commercial software package that uses weak password controls. What is the BEST course of
action?
A. Continue the implementation with no changes.
B. Obtain management approval for policy exception.
C. Select another application with strong password controls.
D. Develop an improved password software routine.
Q.No.4 Which of the following is the PRIMARY reason to have the risk management process
reviewed by a third party?
A. Validate the threat management process.
B. Obtain an objective assessment of the control environment.
C. Ensure the risk profile is defined and communicated.
D. Obtain an objective view of process gaps and systemic errors.
Q.No.5 In an organization dependent on data analytics to drive decision-making, which of the
following would BEST help to minimize the risk associated with inaccurate data?
A. Periodically reviewing big data strategies
B. Evaluating each of the data sources for vulnerabilities
C. Establishing an intellectual property agreement
D. Benchmarking to industry best practice
Q.No.6 Which of the following is MOST appropriate to prevent unauthorized retrieval of
confidential information stored in a business application system?
A. Implement segregation of duties.
B. Enforce an internal data access policy.
C. Apply single sign-on for access control.
D. Enforce the use of digital signatures.
Q.No.7 The GREATEST concern when maintaining a risk register is that:
A. significant changes in risk factors are excluded.
B. impacts are recorded in qualitative terms.
C. executive management does not perform periodic reviews.
D. IT risk is not linked with IT assets.
Q.No.8 Which of the following will BEST help in communicating strategic risk priorities?
A. Heat map
B. Business impact analysis (BIA)
C. Balanced Scorecard
D. Risk register
Q.No.9 Which of the following is the BEST indicator of the effectiveness of a control action
plan's implementation?
A. Stakeholder commitment
B. Increased risk appetite
C. Reduced risk level
D. Increased number of controls
Q.No.10 Which of the following is the BEST method for identifying vulnerabilities?
A. Batch job failure monitoring
B. Periodic network scanning
C. Risk assessments
D. Annual penetration testing
Q.No.11 Which of the following will BEST ensure that information security risk factors are
mitigated when developing in-house applications?
A. Design key performance indicators (KPIs) for security in system specifications.
B. Include information security control specifications in business cases.
C. Identify key risk indicators (KRIs) as process output.
D. Identify information security controls in the requirements analysis.
Q.No.12 A management team is on an aggressive mission to launch a new product to
penetrate new markets and overlooks IT risk factors, threats, and vulnerabilities. This scenario
BEST demonstrates an organization's risk:
A. tolerance.
B. culture.
C. management.
D. analysis.
Q.No.13 During a control review, the control owner states that an existing control has
deteriorated over time. What is the BEST recommendation to the control owner?
A. Discuss risk mitigation options with the risk owner.
B. Escalate the issue to senior management.
C. Implement compensating controls to reduce residual risk.
D. Certify the control after documenting the concern.
Q.No.14 Which of the following is the BEST approach for determining whether a risk action
plan is effective?
A. Assessing changes in residual risk
B. Comparing the remediation cost against budget
C. Assessing the inherent risk
D. Monitoring changes of key performance indicators (KPIs)
Q.No.15 Who is responsible for IT security controls that are outsourced to an external service
provider?
A. Organization's information security manager
B. Organization's risk function
C. Service provider's IT management
D. Service provider's information security manager
Q.No.16 Which of the following approaches will BEST help to ensure the effectiveness of risk
awareness training?
A. Piloting courses with focus groups
B. Using reputable third-party training programs
C. Reviewing content with senior management
D. Creating modules for targeted audiences
Q.No.17 A PRIMARY advantage of involving business management in evaluating and
managing risk is that management:
A. is more objective than risk management.
B. better understands the system architecture.
C. can balance technical and business risk.
D. can make better-informed business decisions.
Q.No.18 When reviewing a risk response strategy, senior management's PRIMARY focus
should be placed on the:
A. cost-benefit analysis.
B. key performance indicators (KPIs).
C. investment portfolio.
D. alignment with risk appetite.
Q.No.19 The effectiveness of a control has decreased. What is the MOST likely effect on the
associated risk?
A. The risk impact changes.